(moved to FeatureAcceptedF16 - feature was approved at 2011-07-18 meeting.)

(5 intermediate revisions by one other user not shown)

Line 10:

Line 10:

== Current status ==

== Current status ==

* Targeted release: [[Releases/16 | Fedora 16 ]]

* Targeted release: [[Releases/16 | Fedora 16 ]]

−

* Last updated: 2011-06-15

+

* Last updated: 2011-07-14

−

* Percentage of completion: 0%

+

* Percentage of completion: 5%

+

+

Discussed with grubby owner. I may need to provide a patch to handle kernel upgrade for tboot+xen+kernel case.

+

+

In progress of discussion with anaconda community to figure out what/how to do for installation support.

== Detailed Description ==

== Detailed Description ==

Line 18:

Line 22:

Below is a mock up screen shot for this

Below is a mock up screen shot for this

−

[[File:tboot.jpg|600px]]

+

[[File:tboot2.jpg|600px]]

* The underlying support to install the package and modify the bootloader cfg.

* The underlying support to install the package and modify the bootloader cfg.

Line 59:

Line 63:

The tboot package is only for x86, but tboot will detect whether the systems supports TXT and will perform a normal boot if it does not (and hence can be installed on x86 systems that do not support TXT).

The tboot package is only for x86, but tboot will detect whether the systems supports TXT and will perform a normal boot if it does not (and hence can be installed on x86 systems that do not support TXT).

−

Users need to download sinit binary from sourceforge.net tboot project corresponding to the hardward platform used and copy it as /boot/sinit.bin before the trusted boot could really work.

+

Intel requires all server OEMs to carry the SINIT ACM for future platforms in their flash. Current availabe models include:

+

* Dell PowerEdge R810/R910 with E7 processors

+

* HP ProLiant DL580 G7 with E7 processors & TPM option kit

== Contingency Plan ==

== Contingency Plan ==
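Review bot: the removed line was the only setup step telling users to fetch the SINIT binary matching their hardware and copy it to /boot/sinit.bin, and the added text says only that OEMs will carry the SINIT ACM in flash for future platforms. Readers whose platform does not ship it in flash lose the instruction, so keep the /boot/sinit.bin step next to the new sentence and say which case applies when. The added sentence also misspells "available" as "availabe".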

Line 65:

Line 71:

== Documentation ==

== Documentation ==

+

tboot project web page

* http://sourceforge.net/projects/tboot

* http://sourceforge.net/projects/tboot

+

+

Documentation about tboot functionality

+

* http://www.bughost.org/repos.hg/tboot.hg/file/d36fb3e85062/README

+

+

The Intel® TXT Software Development Guide should be able to show you details about what tboot does.
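Review bot: the added sentence about the Intel® TXT Software Development Guide carries no link, unlike the two references added above it, so a reader cannot tell which document or revision is meant. Add the URL as a bullet under the sentence. The README link also pins changeset d36fb3e85062, so it will not follow later updates to the README; note that or link to the current file.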

Benefit to Fedora

Fedora will be capable of performing a trusted launch with tboot support. This meets the increasing need for platform security.

Scope

Required steps are:

UI to choose TXT/tboot support during installation.

Scripts to install the tboot package and modify the bootloader cfg.

How To Test

Testing requires a platform that supports Intel TXT.

If tboot was selected in the installation UI, make sure the tboot package is installed and the bootloader config is changed to boot tboot as the kernel and Linux as a module.
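The bootloader half of this test can be scripted. The following is an added example, not code from the tboot project or from this feature page; it assumes GRUB-legacy `title`/`kernel`/`module` directives, and the sample config, file names and versions are constructed.

```python
import os

# Constructed sample in GRUB-legacy syntax; file names and versions are made up.
SAMPLE_CFG = """\
default=0
title Fedora (tboot)
    root (hd0,0)
    kernel /tboot.gz logging=serial,vga,memory
    module /vmlinuz-3.1.0 ro root=/dev/sda2
    module /initramfs-3.1.0.img
title Fedora (tboot, Xen)
    kernel /tboot.gz logging=serial,vga,memory
    module /xen.gz
    module /vmlinuz-3.1.0 ro root=/dev/sda2
    module /initramfs-3.1.0.img
title Fedora (plain)
    kernel /vmlinuz-3.1.0 ro root=/dev/sda2
    initrd /initramfs-3.1.0.img
"""

def parse_entries(cfg):
    """Return one dict per boot entry: title, kernel image, module images."""
    entries = []
    for raw in cfg.splitlines():
        words = raw.strip().split(None, 1)
        if len(words) < 2 or words[0].startswith("#"):
            continue  # blank line, comment, or directive without an argument
        key, rest = words
        if key == "title":
            entries.append({"title": rest, "kernel": None, "modules": []})
        elif entries and key == "kernel":
            entries[-1]["kernel"] = rest.split()[0]
        elif entries and key == "module":
            entries[-1]["modules"].append(rest.split()[0])
    return entries

def check_entry(entry):
    """List how an entry deviates from 'tboot as kernel, Linux as module'."""
    problems = []
    kernel = os.path.basename(entry["kernel"] or "")
    if not kernel.startswith("tboot"):
        problems.append("tboot is not the kernel (found %r)" % kernel)
    if not any(os.path.basename(m).startswith("vmlinuz") for m in entry["modules"]):
        problems.append("no Linux kernel among the modules")
    return problems

def trusted_boot_titles(cfg):
    """Titles of the entries that pass both checks."""
    return [e["title"] for e in parse_entries(cfg) if not check_entry(e)]
```

Running it against the real bootloader config after a kernel upgrade shows whether the new entry still boots through tboot; `rpm -q tboot` covers the package half of the test.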

User Experience

Users will find the tboot package easier to install and use.

Dependencies

None on other packages.

The tboot package is only for x86, but tboot will detect whether the system supports TXT and will perform a normal boot if it does not (and hence can be installed on x86 systems that do not support TXT).

Intel requires all server OEMs to carry the SINIT ACM for future platforms in their flash. Current available models include: